plugins/mod_saslauth.lua @ 1216:fd8ce71bc72b
mod_saslauth, mod_legacyauth: Deny logins to unsecure sessions when require_encryption config option is true
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Fri, 29 May 2009 14:33:55 +0100 (2009-05-29) |
parent | 1186:078eb3b109e9 |
child | 1217:844ef764ef0e |
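--- a/plugins/mod_saslauth.lua
+++ b/plugins/mod_saslauth.lua
@@ -18,10 +18,12 @@
 local t_concat, t_insert = table.concat, table.insert;
 local tostring = tostring;
 local jid_split = require "util.jid".split
 local md5 = require "util.hashes".md5;
 local config = require "core.configmanager";
+
+local secure_auth_only = config.get(module:get_host(), "core", "require_encryption");
 
 local log = module._log;
 
 local xmlns_sasl ='urn:ietf:params:xml:ns:xmpp-sasl';
 local xmlns_bind ='urn:ietf:params:xml:ns:xmpp-bind';
@@ -117,11 +119,11 @@
 local mechanisms_attr = { xmlns='urn:ietf:params:xml:ns:xmpp-sasl' };
 local bind_attr = { xmlns='urn:ietf:params:xml:ns:xmpp-bind' };
 local xmpp_session_attr = { xmlns='urn:ietf:params:xml:ns:xmpp-session' };
 module:add_event_hook("stream-features",
 function (session, features)
-if not session.username then
+if not session.username and ((not secure_auth_only) or session.secure) then
 features:tag("mechanisms", mechanisms_attr);
 -- TODO: Provide PLAIN only if TLS is active, this is a SHOULD from the introduction of RFC 4616. This behavior could be overridden via configuration but will issuing a warning or so.
 if config.get(session.host or "*", "core", "anonymous_login") then
 features:tag("mechanism"):text("ANONYMOUS"):up();
 else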
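Review bot: The new `session.secure` condition in the stream-features hook only controls whether the `mechanisms` element is advertised; nothing in the visible hunks rejects a SASL `auth` stanza that arrives on a session where `session.secure` is unset, so the require_encryption policy holds only if the stanza handler (outside this comparison) enforces it as well. I would repeat the guard there, `if secure_auth_only and not session.secure then` followed by a SASL failure reply, so the check does not depend on the client honouring the feature list. `secure_auth_only` is also read once at module load from `module:get_host()`, while the neighbouring `anonymous_login` lookup is made per session via `session.host or "*"`; a comment such as `-- read at load time; reload the module after changing require_encryption` would make that explicit. The hook function continues past the last line shown.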